'Here you have'... a virus

Emma Woollacott, 10th September 2010

A new email worm is landing in email inboxes worldwide, disabling the anti-virus software of the unwary.

Dubbed 'Here you Have', it's a new attack, with the first reported cases appearing yesterday. However, it's similar to classic old-school mass-mailing viruses like Nimda, Melissa and the Anna Kournikova virus from 2001.

It arrives as an email asking the recipient to open a link. However, the link points to a malicious program file, hosted on the internet and disguised as a PDF. When the user clicks on the link, the malicious file - W32.Imsolk.B@mm - is downloaded and launched. This installs the worm on the victim’s computer and emails the original message to everyone in the infected user’s email address book.

There are two versions of the original message. One reads:

Hello:
Subject: Here you have
This is The Document I told you about,you can find it Here.
http://***url***/PDF_Document21.025542010.pdf
Please check it and reply as soon as possible.
Cheers,

The other, aimed at the less business-like, one presumes, reads:

Hello:
This is The Free Dowload Sex Movies,you can find it Here.
http://***url***/SEX21.025542010.wmv
Cheers,
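
A mail filter can look for this kind of disguise. The following is an added example, not part of the original article: it flags HTML links whose visible text names a document or media file while the underlying target has a different extension. That the lure hides its target behind the link text is an assumption, and the hosts, the .exe target and the extension list are constructed for illustration.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlparse

# Extensions a recipient tends to read as harmless (assumed list, not from the article).
BENIGN_LOOKING = {".pdf", ".wmv", ".doc", ".jpg"}


def url_ext(text):
    """Lower-cased file extension of the URL path in text, or '' if there is none."""
    return splitext(urlparse(text.strip()).path)[1].lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def disguised_links(html_body):
    """Links whose visible text names a benign-looking file type
    while the real target ends in a different extension."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(href, text) for href, text in collector.links
            if url_ext(text) in BENIGN_LOOKING and url_ext(href) != url_ext(text)]


# Constructed samples: hosts and the .exe target are placeholders.
LURE = ('<p>you can find it Here. <a href="http://host.example.invalid/doc.exe">'
        'http://docs.example.invalid/PDF_Document21.025542010.pdf</a></p>')
HONEST = ('<a href="http://docs.example.invalid/report.pdf">'
          'http://docs.example.invalid/report.pdf</a>')
```

Links whose visible text is a plain word rather than a file name are not flagged by this check, so it complements attachment and download scanning rather than replacing it.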

"It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture," warns McAfee Labs.

The worm also attempts to spread over local networks such as intranets by copying itself to open drive shares found on other machines on the network. Once it has done so, it will be launched on the new machine if a user so much as opens the folder that contains the threat.

According to ABC News, the worm has hit many major organizations, including NASA, Disney, Comcast, Procter & Gamble - and ABC itself.